Changing LmCompatibility Level
My default domain policy has our "Network security: LAN Manager authentication level policy" set as "1 - Send LM & NTLM - use NTLMv2 session security if negotiated".
This is found at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level
Our current workstation policy has this set to "5 - Send NTLMv2 response only. Refuse LM & NTLM"
Everything is working fine between the workstations, servers, and domain controllers.
Because of this default domain policy our newly added Azure VM servers are having problems mapping to Azure file shares.
If I change this setting on our domain joined Azure VM servers from 1 to 3 (Send NTLMv2 response only) then the mapping works just fine, but when the group policy refreshes the value goes back to 1 and the drive mapping disconnects.
This is the key to change it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilityLevel
Change from 1 to 3.
We have Windows Server 2016 and 2019 servers and Windows 10 workstations all up to date.
What is the impact of making this change to our 'default domain policy'? Will this cause any authentication issues between workstations, servers, Exchange, SQL, or domain controllers?
I need the default to be either 3 or, preferably, 5.
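
One way to measure the impact before raising the domain-wide level, as an added example that is not part of the original post: this PowerShell script reports the effective LmCompatibilityLevel on the machine it runs on, then lists logons in the Security log that still used NTLM without NTLMv2, which are the logons a receiving side set to 5 would refuse. It assumes logon auditing is enabled so that event 4624 is recorded, an elevated session, and a 7-day lookback chosen for illustration.

```powershell
# Added example, not from the original post. Run elevated on a server or domain controller.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$level  = (Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $level) {
    # With no value present, current Windows versions behave as level 3.
    'LmCompatibilityLevel is not set; the OS default applies.'
} else {
    "LmCompatibilityLevel = $level"
}

# Assumption: 7 days of history is enough to catch periodic jobs and services.
$since  = (Get-Date).AddDays(-7)
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$legacy = foreach ($event in $logons) {
    # Flatten the EventData name/value pairs of the 4624 record into a hashtable.
    $data = @{}
    foreach ($node in ([xml]$event.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }

    # Keep NTLM logons that were not NTLMv2. ANONYMOUS LOGON entries are
    # skipped because they are commonly logged as "NTLM V1" and add noise.
    if ($data['AuthenticationPackageName'] -eq 'NTLM' -and
        $data['LmPackageName'] -ne 'NTLM V2' -and
        $data['TargetUserName'] -ne 'ANONYMOUS LOGON') {
        [pscustomobject]@{
            Time        = $event.TimeCreated
            User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
            Package     = $data['LmPackageName']
        }
    }
}

if ($legacy) {
    # One row per client/account pair still authenticating with LM or NTLMv1.
    $legacy | Group-Object Workstation, User, Package |
        Sort-Object Count -Descending |
        Select-Object Count, Name
} else {
    'No LM/NTLMv1 logons found in the selected window.'
}
```

An empty result on the domain controllers and on the Exchange and SQL servers over a representative period indicates that no client is still relying on LM or NTLMv1 against them.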